git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	J. Bruce Fields <bfields@redhat.com>
	Tue, 5 Mar 2019 21:17:58 +0000 (16:17 -0500)
committer	Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	Wed, 14 Aug 2019 09:18:49 +0000 (11:18 +0200)
commit	9a61bc5ada86fc5167381dfd03b3a2f45c9906f0
tree	5387802b59fd7172b195c5ea330a1bce5d696a07	tree
parent	8096d6a8349c4f0b7cc8ca29ebeec50dbb77b205	commit \| diff

security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock

BugLink: https://bugs.launchpad.net/bugs/1837952
commit 3815a245b50124f0865415dcb606a034e97494d4 upstream.

In the case when we're reusing a superblock, selinux_sb_clone_mnt_opts()
fails to set set_kern_flags, with the result that
nfs_clone_sb_security() incorrectly clears NFS_CAP_SECURITY_LABEL.

The result is that if you mount the same NFS filesystem twice, NFS
security labels are turned off, even if they would work fine if you
mounted the filesystem only once.

("fixes" may be not exactly the right tag, it may be more like
"fixed-other-cases-but-missed-this-one".)

Cc: Scott Mayhew <smayhew@redhat.com>
Cc: stable@vger.kernel.org
Fixes: 0b4d3452b8b4 "security/selinux: allow security_sb_clone_mnt_opts..."
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>